CLAIMS

What is claimed is: 

1. A method of providing flexible protection in a computer system by
decoupling protection from privilege, the method comprising: 

enabling receipt of information describing two or more types of protection; 

enabling receipt of information describing a relationship between said two 
or more types of protection and portions of code that are executed in a same 
privilege level of the computer system, wherein said relationship is not required to 
be linear; and 

enabling the association of said information describing said two or more 
types of protection and said information describing said relationship with said 
portions of code. 

2. The method of Claim 1, wherein said relationship is user definable.

3. The method of Claim 1, wherein said portions of code are domains
and each of said types of protection is defined at least in part by one or more 
domain attributes. 

4. The method of Claim 3, wherein said one or more domain attributes 
includes a domain identifier that specifies to a unique value for a particular domain. 

5. The method of Claim 3, wherein said one or more domain attributes 
includes a Private Key that specifies a unique value for protecting each user that 
concurrently uses a particular domain. 

6. The method of Claim 3, wherein said one or more domain attributes 
includes a SharedCode Key that specifies a value that a particular domain must 
use to access code associated with another domain. 

7. The method of Claim 3, wherein said one or more domain attributes 
includes a SharedData Key that specifies a value that a particular domain must use 
to access data associated with another domain. 

8. The method of Claim 3, wherein said one or more domain attributes 
includes an AllowOthers that specifies a value that a particular domain must use to 
access code associated with another domain in conjunction with said particular 
domain performing cross-domain switching to said other domain. 

9. The method of Claim 3, wherein said one or more domain attributes
includes an AccessOthers Key that specifies a value that is used to request access 
of code associated with a particular domain on behalf of another domain. 

10. A method of providing flexible protection in a computer system by 
decoupling protection from privilege, the method comprising: 

detecting a request from a first portion of code to access a second portion of 
code, wherein said first and second portions of code are executed in a same 
privilege level of said computer system; 

determining whether said first portion of code is allowed to access said 
second portion of code based on information describing two or more types of 
protection and also based on information describing a relationship between said 
two or more types of protection and said portions of code, wherein said 
relationship is not required to be linear; and 

if said relationship specifies that said first portion of code may access said 
second portion of code, then 

allowing said first portion of code to access said second 
portion of code; 

else 

not allowing said first portion of code to access said second 
portion of code. 

11. The method of Claim 10, wherein said information describing said
two or more types of protection and said information describing said relationships
are associated with said portions of code and wherein the method further
comprises retrieving said information describing said two or more types of
protection and said information describing said relationships.

12. A computer system comprising: 
a memory unit; and 

a processor coupled to the memory unit, the processor for executing a 
method for enforcing protection in a computer system by decoupling protection 
from privilege, the method comprising: 

enabling at a user interface receipt of information describing two or more 
types of protection; 

enabling at the user interface receipt of information describing a relationship 
between said two or more types of protection and portions of code are executed 
in a same privilege level of the computer system, wherein said relationship is not
required to be linear; and 

enabling at a link-editor the association of said information describing said 
two or more types of protection and said information describing said relationship 
with said portions of code. 

13. The computer system of Claim 12, wherein said relationship is user 
definable. 

14. The computer system of Claim 12, wherein said portions of code
are domains and each of said types of protection is defined at least in part by one 
or more domain attributes. 

15. A computer system comprising: 
a memory unit; and 

a processor coupled to the memory unit, the processor for executing a 
method for providing flexible protection in a computer system by decoupling 
protection from privilege, the method comprising: 

detecting at a memory manager a request from a first portion of code to 
access a second portion of code, wherein said first and second portions of code 
are executed in a same privilege level of said computer system; 

determining at said memory manager whether said first portion of code is 
allowed to access said second portion of code based on information describing 
two or more types of protection and also based on information describing a 
relationship between said two or more types of protection and said portions of 
code, wherein said relationship is not required to be linear; and 

if said relationship specifies that said first portion of code may access said 
second portion of code, then 

allowing at said memory manager said first portion of code to 
access said second portion of code; 

else 

not allowing at said memory manager said first portion of 
code to access said second portion of code. 

16. The computer system of Claim 15, wherein said information
describing said two or more types of protection and said information describing
said relationships are associated with said portions of code and wherein the
method further comprises retrieving at a loader said information describing said two
or more types of protection and said information describing said relationships.

17. A computer-usable medium having computer-readable program
code embodied therein for causing a computer system to perform a method of 
providing flexible protection in a computer system by decoupling protection from 
privilege, the method comprising: 

enabling receipt of information describing two or more types of protection; 

enabling receipt of information describing a relationship between said two 
or more types of protection and portions of code that are executed in a same 
privilege level of the computer system, wherein said relationship is not required to 
be linear; and 

enabling the association of said information describing said two or more 
types of protection and said information describing said relationship with said 
portions of code. 

18. The computer-usable medium of Claim 17, wherein said
relationship is user definable. 

19. The computer-usable medium of Claim 17, wherein said portions of 
code are domains and each of said types of protection is defined at least in part by 
one or more domain attributes. 

20. The computer-usable medium of Claim 19, wherein said one or 
more domain attributes includes a domain identifier that specifies to a unique value 
for a particular domain. 

21. The computer-usable medium of Claim 19, wherein said one or
more domain attributes includes a Private Key that specifies a unique value for 
protecting each user that concurrently uses a particular domain. 

28. The computer-usable medium of Claim 19, wherein said one or 
more domain attributes includes a SharedCode Key that specifies a value that a 
particular domain must use to access code associated with another domain. 

29. The computer-usable medium of Claim 19, wherein said one or 
more domain attributes includes a SharedData Key that specifies a value that a 
particular domain must use to access data associated with another domain. 

22. The computer-usable medium of Claim 19, wherein said one or 
more domain attributes includes an AllowOthers that specifies a value that a 
particular domain must use to access code associated with another domain in
conjunction with said particular domain performing cross-domain switching to said 
other domain. 

23. The computer-usable medium of Claim 19, wherein said one or 
more domain attributes includes an AccessOthers Key that specifies a value that is 
used to request access of code associated with a particular domain on behalf of 
another domain. 






